Annex 1 - Management Board effectiveness analysis 


Areas of focus average scores 

Position: 3.1 (out of 4) 

e Positives: quality of discussion, horizon scanning; good balance and 
comprehensive coverage of issues; political awareness; good balance 
of formal and informal; diverse perspectives. 

e Suggestions for improvement: comparisons to other regulators; more 
clarity on the key issues for the board; more NED experience in policy 
background; more subject matter expertise; programme of deep 
dives; more external input before strategy is created; invite external 
contributors more frequent board meetings or more briefings; ) 

e Actions to improve: 

o feed comments regarding NED experience/background into 
Nominations Committee to ensure that it is factored in to 
recruitment (Action: Corporate Governance to provide to Mike 
Collins); 

o consider how to get external expertise into meetings, most likely 
through the UK Regulators Network (UKRN). Options include the 
UKRN next-generation NEDs programme, UKRN NEDs coaching 
and mentoring/buddying systems between UKRN NEDs (this would 
also give an opportunity to promote the importance of personal 
data to the NEDs at other regulators) (Action: Louise Byers and Jo 
Butler). 

o Add gap analysis to other regulators that will be prepared for Risk 
and Governance Board (domestic regulators) and Regulatory 
Delivery Board (other DPAs) are added to the work programme 
(Action: Corporate Governance) 


Culture: 3.2 (out of 4) 

e Positives: Good mix of members; risk management; informal NED 
calls; Directors presenting at Board; values; 

e Suggestions for improvements: better management information 
around risk management; more time should be spent on this area - 
should be a big focus for the Board; ensure Board focuses on strategic 
issues; embrace EDI more; clearer overall vision for the Board) 

e Actions to improve: 

o Develop Management Information (KPIs will be presented to May 
Management Board meeting, so no new action required here at 
this stage); 

o Identify an ET member to serve as “EDI champion” during Board 
meetings, to ensure EDI is specifically flagged up as an issue for 
discussion where appropriate (Action: Louise Byers and Corporate 
Governance) [note: suggestion is an ET member as they can play 
that role in ET as well, where similar issues were identified]. 


Capability: 3.1 (out of 4) 


Positives: detailed reviews of specific Depts; identifying our 
weaknesses; challenging questions; Audit Committee; NED 
involvement in project boards; horizon scanning; creation of 
Nominations Committee; informal sessions. 

Suggestions for improvements: spread the demand across NEDs more 

evenly; more NEDs with regulatory background; ensure policies have 

kept pace with our growth (especially around finance); sharper focus; 

Board succession plan; managing staff workload; clearer sign off of 

projects) 

Actions: 

o Check NED workloads (this work is already ongoing through the 
Nominations Committee); 

o Ensure that robustness of Finance policies is reviewed (Action: 
Andrew Hubert) [note: this will also be picked up through an 
internal audit during 2021/22]; 

o Ensure that there is regular reporting from Nominations Committee 
to Management Board, to ensure that the Board is kept up to date 
on the work the Nominations Committee will do in this area. To be 
confirmed whether this is a report after every meeting, or an 
annual/six-monthly report (Action: Corporate Governance to 
facilitate with Nicky Wood). 


Perception: 3.2 (out of 4) 


Positives: mix of perspectives, including NED experience; self- 
reflection; good questions; good challenge from media coverage; good 
information provided solution focused; 

Suggestions for improvements: need to improve in Comms; NEDs 

need to be more aware of stakeholder commentary; more MI from 

Comms; supporting the new IC; wider selection of material; 

addressing the politics; independent/ external challenge; deep dives 

into stakeholder views, probably twice per year (other deep dives 
might also be useful). 

Actions to improve: 

o Add the NEDs to the daily curated media monitoring summary that 
Comms produce, and circulate any other targeted briefings that 
are produced on specific issues to the NEDs (Action: Tim Bowden); 

o The comments around external challenge were picked up under 
Position. 

o As described under Culture, the work around Management 
Information will be presented to the May Board meeting. 

o Add Stakeholder perception research to the Management Board 
work programme, twice yearly (Action: Chris Braithwaite and Tim 
Bowden) 


Performance: 3 (out of 4) 


e Positives: challenge culture; level of preparation and detailed 
questions; quality of papers; good level of scrutiny; input from 
Directors and Dept Heads. 

e Suggestions for improvements: weak on MI/BI - better, more concise 
info needed, more mature measurement and evidence; balanced 
scorecard; spend more time looking at complaints; provide more 
challenge if falling short of objectives); more focus on regulatory 
work, particularly approach to prioritisation and lessons learned from 
significant cases. 

e Actions to improve: 

o As described under Culture, work around Management Information 
will be presented to the Board in May. 

o Add regulatory prioritisation approach to Management Board work 
programme (Action: Chris Braithwaite and James Dipple- 
Johnstone). 

o Make arrangements for lessons learned from key cases to be 
provided to Management Board (Action: James Dipple-Johnstone 
and Claudia Berg) 


Overall effectiveness: 3.2 (out of 4) 

Conclusion: Ratings are broadly consistent across all areas. Improved 
Management Information should have significant benefits, assuming that 
this delivers the information that the Board requires. 


Other statistical scores 

Risk Management: 3.5 (out of 4) 
Quality of reports: 3.2 (out of 4) 
Timeliness of reports: 3.5 (out of 4) 
Quality of minutes: 3.5 (out of 4) 
Timeliness of minutes: 3.6 (out of 4) 


Diversity: 3 

e Suggestions to improve: More ICO junior staff attending meetings to 
present reports) 

e Action to improve: 

o Identify staff below ET level to attend Management Board meetings 
to present reports or hear discussion as standard (Action: 
Corporate Governance to prompt ET members to suggest 
appropriate attendees). 

o Identify some external speakers representing more diverse points 
of view. This also helps with challenge culture and risk of “group 
think”. (Action: Louise Byers and Corporate Governance to discuss 
how to achieve this) 


Are processes in place for appointment of new Board members, including 
amount of time available and induction: 5 yes, 5 partially. 


e Comments: lack of visibility is the main issue, rather than any specific 
holes being identified. 

Are processes in place for identifying and developing leadership potential: 

4 yes, 1 no, 5 partially. 

e Comments: As above, lack of visibility is the main issue. 

e Action to improve: As mentioned under Capability, the Nominations 
Committee is working on both of these areas. Regular reporting out of 
Nominations Committee will fill this gap. 


Do agendas contain the right areas for discussion and right amount of 
time: 5 yes, 5 partially 
e Comments: papers don’t give Board enough scope to challenge 
delivery; papers should be shorter and highlight key points; more HR 
discussions; should finance and risk be considered as primarily the 
responsibility of Audit Committee, rather than the Board, which would 
allow more Board time for other discussions. 
e Actions to improve: 
o Ensure that reports to Management Board identify areas for 
challenge from the Board (Action: Corporate Governance to ensure 
this is reflected in templates). 


Does the Board foster a culture of debate and constructive challenge: 10 
yes. 
Conclusion: this is a major strength. 


Are you satisfied that there are mechanisms in place to ensure the Board 

is aware of issues: 9 yes, 1 no. 

e Comment: “Board needs to be informed of actions taken by the ICO - 
for example, Board members should be sent copies of all NR so that 
they are confident that they are aware of what the executive and 
organisations are doing.” 

e Action to improve: 

o Provide either a regular report to the Board setting out actions 
taken since the last meeting, or add Board members to a 
distribution list notifying them of actions. (Action: Corporate 
Governance to discuss with James Dipple-Johnstone and Steve 
Eckersley) 


Overall conclusions: Scores overall were very high and consistent. 
Some strengths identified (quality of discussions and reports, level of 
challenge and debate in meetings), some key areas of weakness either 
have actions in train to address (e.g. developing MI, Nominations 
Committee work), or can be fairly easy addressed by better 
communication with the Board (e.g. giving the Board info on regulatory 
action taken and existing media scans). 


Annex 2 - Audit Committee effectiveness analysis 


Overall effectiveness: 3.67 (out of 4) 
Conclusion: very high score. 


Does the Audit Committee receive satisfactory information on each of the 
following? 


Strategic risks - yes: 3 
Risk management strategy - yes: 3 
Major incidents - yes: 3 
Draft accounts - yes: 3 
Accounting policies - yes: 3; (comment: we should have been 
leading on trust statements, like the CMA. Auditors have not been 
helpful on this debate) 
Draft governance statement - yes: 3 
Tender of Audit function - yes: 2; no: 1 
o Comment: the attempted tender for IA in late 2020 was 
fraught with difficulties of the ICO’s own making and the 
“solution” found is a compromise and not ideal.) 
Internal Audit Strategy - yes: 3 
Head of Internal Audit report - yes: 3 
Internal Audit assurance reports - yes: 2 
o Comment: I’m not aware that we have actively evaluated the 
performance of internal audit 
Annual internal audit opinion - yes: 3 
External audit - yes: 3 
External audit management letter - yes: 2; no: 1 
o Comment: Separate letter is not produced. Sometimes NAO’s 
year-end report highlights weaknesses in internal control. 
Reports on cooperation between internal and external audit - yes: 2; 
no: 1 
o Comment: No, but there is no need for cooperation as there is 
no overlap. 
Other areas of internal control - yes: 3 


Actions to improve areas identified about: 


Ensure there is continuous dialogue with DCMS finance and auditors to 


ensure that the ICO is meeting best practice regarding emerging 


finance and accounting policies and practices (Action: Andrew Hubert) 


- Ensure that internal audit comments are picked up as part of our 
review of internal audit provision (Action: Jo Butler) 


Other statistical scores 

Quality of reports: 3.67 (out of 4) 
Timeliness of reports: 3.67 (out of 4) 
Quality of minutes: 3.67 (out of 4) 
Timeliness of minutes: 4 (out of 4) 


Diversity: 3 (out of 4) 

e Comment: We could include input from more managers whose work 
is covered by IA reports 

e Action to improve: We have previously invited managers who have 
been subject to recent internal audits to attend meetings, but this 
didn’t add much value to the meetings, as the managers had 
already had extensive discussions with internal auditors during the 
audit. We can implement the actions from Management Board 
regarding inviting more junior staff to present reports, where 
possible. (Action: Corporate Governance) 


Is there other information that you want to receive: No 


Is there an effective free and confidential access between the Head of 
Internal Audit and Chair? 
Yes: 2; no: 1 
e Comment: I believe this direct line exists but I’m not aware that it’s 
been used. There is always a pre meeting of members of AC with 
both Internal and External Auditors without Management being 
present. 


How effective is this relationship: 3.33 (out of 4) 


Are procedures in place for appointment and induction of new members, 


and enough time for the committee to discharge its duties? 
Yes: 3 


Audit Committee Annual report - does it cover everything it needs to? 
Yes: 3 


How effective is Audit Committee at having an independent voice? 3.67 
(out of 4) 


How effective is Audit at reporting to Management Board? 3.33 (out of 4) 
Do agendas contain the right information? Yes: 3 


Does Audit Committee foster a culture of debate and constructive 
challenge? Yes: 3 


Do mechanisms exist to ensure that Audit Committee are informed of 

things at the right time and in the right detail? Yes: 2; No 1 

e Comment: Generally yes but there have been a couple of instances 
where communication could have been improved - one whistleblowing 
incident on veracity of the Accounts and the FOI, and reporting in the 
press, of purchases of chocolate using a corporate credit card.) 

e Action to improve: 
o Consider establishing regular meetings between either Paul Arnold 

or Louise Byers and the Chair of the Audit Committee to increase 


the amount of transparency on issues such as this (Action: Paul 
Arnold, Louise Byers and Ailsa Beaton to consider) 


Additional feedback: Committee is well-chaired and effective; committee 
is a collaborative team 


Conclusion: performance is extremely high and there are only very 
minimal actions to take to improve performance. 


Annex 3 - Remuneration Advisory Panel effectiveness analysis 


Overall effectiveness: 3.67 (out of 4) 


Providing scrutiny on the remuneration strategy for Executive Directors: 4 
(out of 4) 


Considering specific proposals on remuneration of Exec Directors: 4 (out 
of 4) 


Consider Exec performance and Development: 3.67 (out of 4) 


Has the panel ensured that no person is involved in their own evaluation? 
yes: 3 


Has the panel had regard to IRSP, Pay Policy, budget, EDI etc? Yes: 3 


What does the Panel do well: clear advice; quality feedback; support to 
the commissioner; understanding the challenges 


How could the Panel improve: reports often give more context rather than 
focus on key issues; better planning of meeting; commissioner needs to 
provide objectives to ET members in a more timely way. 

Actions to improve: 

- Ensure a panel meeting is scheduled in May/June each year, at which 
the Commissioner will provide the ET to the Panel (Action: Corporate 
Governance to liaise with Liz Denham); 

- HR to update report format to ensure they focus on key issues 
(Action: Mike Collins). 


Does the agenda contain the right info? Yes: 2; No: 1 (Comments: Some 
of the papers provided were dragging the committee 'into the weeds' but 
the new ToR should stop this.) No action needed 


Statistical measures 

Quality of reports: 3.33 (out of 4) 
Timeliness of reports: 2.67 (out of 4) 
Quality of minutes: 3.33 (out of 4) 
Timeliness of minutes: 3.33 (out of 4) 


Conclusions: Panel is performing very well. Only very minimal actions 
required, and they can be sorted very quickly. 


Annex 4 - Executive Team effectiveness analysis 


Overall ET effectiveness: 3 (MB overall: 3.2; ET members rating MB: 3) 


Areas of focus average scores 

Position: 3 (out of 4) (MB overall: 3.1; ET members rating MB: 2.8) 

e Positives: good discussion and culture; swift decision making; 

e Suggestions for improvement: external environment this year has 
been inevitably challenging; need better MI and other regular reports; 
better process for feeding things up from SLT Boards; common 
understanding of when ET needs to engagement; too ad hoc; focus 
more on the future; better commissioning 

e Actions to improve: 

o As noted with Management Board, MI is being developed. 

o Define the limits of the powers of the SLT Boards to ensure there is 
clarity about where a decision needs to be referred to ET. (Action: 
Corporate Governance) [Note: this work will also look at clarifying 
thresholds for when decisions need to be referred to the SLT 
Boards) 

o Add “long-term considerations” to the ET report template, to 
ensure that there is always consideration of long-term issues (and 
if there are none, authors can consider whether ET is the 
appropriate place for a decision) (Action: Corporate Governance). 

o Ensure common use of commissioning briefs by ET to request work 
(Action: collective by Executive Team) 


Culture: 3 (out of 4) (MB overall: 3.2; ET members rating MB: 3.2) 

e Positives: risk management; process for bringing things to ET is clear 
and simple; good at clear messaging, tone and culture; quality of 
papers has improved; good challenge; 

e Suggestions for improvement: need to translate ET discussions into 
outcomes for staff - should agree communications messages in each 
item; better MI; should schedule an ET away day to work together as 
a new team; subgroups of ET members to task and finish; improve 
links to SLT/leadership) 

e Actions to improve: 

o Communications considerations has been added to report 
templates, but we should also consider whether to identify an ET 
“staff champion” to be asking “what do we tell staff” for all 
substantive items (similar to EDI champion) (Action: Louise Byers 
and Corporate Governance); 

o As noted with Management Board, MI is being developed; 

o Hold an ET away day at the appropriate point (Action: Paul Arnold 
to determine when this would be most effective, summer 2021 or 
winter 2021, when the new Commissioner has joined) 


Capability: 2.8 (out of 4) (MB overall: 3.1; ET members rating MB: 3) 


Positives: Good conversations about issues; aware of capacity 
challenges; scrutiny of budges and resources; setting priorities etc; 
clearer structure; good range of inputs. 

Suggestions for improvement: more medium/long term discussions; 

succession planning; being more open to say no to manage resources; 

need to get back to BAU; more external perspectives) 

Actions to improve: 

o Long term issues is covered under Position; 

o succession planning can be covered through reporting into/out of 
Nominations Committee, which is mentioned in the Management 
Board actions; 

o The comments around “saying no” may be a useful subject for 
discussion at the ET away day (an action under Culture) (Action: 
Paul Arnold) 

o The external perspectives issue can potentially be picked up 
through the same methods as in the Management Board 
questionnaire - linking up with UKRN. 


Perception: 2.6 (out of 4) (MB overall: 3.2; ET members rating MB: 3) 


Positives: openness to ideas and challenge; issues are well considered 
before coming to ET; stakeholder survey; corporate narrative; fluid 
approach to adjust as needed; 

Suggestions for improvement: more structure needed to discussions; 

need to understand and address the external perception; weighting of 

key stakeholders; too event-led; get out ahead of issues; recognise 
what is outside of our control; socialise the narrative; sometimes need 

Directors to operate more autonomously to free up ET from 

operational matters; evolve the narrative; more review of trends and 

analysis, by stakeholder or area) 

Actions to improve: 

o Add links to the Corporate narrative to the report templates 
(Action: Corporate Governance). 

o The work emerging from the stakeholder perception surveys 
should provide more information on stakeholders (Action: Tim 
Bowden to provide information back to ET as appropriate from that 
work) 

o The comments regarding Directors may be a useful subject for 
discussion at the ET away day (an action under Culture) (Action: 
Paul Arnold) 


Performance: 2.8 (out of 4) (MB overall: 3; ET members rating MB: 3.2) 


Positives: challenge culture; good engagement on IRSP reviews; good 
papers; good report structure; 

Suggestions for improvement: better MI; more focus on progress 
towards achieving goals; consider projects more in the round than in 
isolation; not enough discussion in this area) 


Actions to improve: 


o Management Information has been mentioned elsewhere, which 
covers most of the suggested improvements. 


Other statistical scores 

Quality of reports: 2.8 (out of 4) (MB overall: 3.2; ET members rating 
MB: 3) 

Timeliness of reports: 3 (out of 4) (MB overall: 3.5; ET members rating 
MB: 3.4) 

Quality of minutes: 3.4 (out of 4) (MB overall: 3.5; ET members rating 
MB: 3.2) 

Timeliness of minutes: 3.4 (out of 4) (MB overall: 3.6; ET members rating 
MB: 3.4) 


Diversity: 2.8 (out of 4) (MB overall: 3 (out of 4); ET members rating MB: 

3) 

e Suggestions to improve: bringing other colleagues in to discussion or 
presentation, especially on planning days; need to improve diversity 
overall; ensure that we consider diversity on every substantive item; 
bring in external views); recorded audio/video introductions might be 
helpful, as that provides information in different ways - could be used 
for informal meetings as well as formal. 

e Actions to improve: 

o Facilitate junior staff coming to present every report at ET (Action: 
Corporate Governance). 

o Add an item to ET work programme about our diversity action plan 
(Action: Jen Green to provide details for this) 


Does ET fulfil its role of dealing with the most strategic issues? 

Yes: 2; Partially 3. 

e Comments: good at starting the discussion, but don’t bring back 
subsequent discussions to ET before they are agreed; too many 
operational decisions that Directors should be taking - need to 
challenge Directors to improve their performance and to free up ET 
focus; more focus on developing the work programme to make sure 
the meetings are representative of the key areas of 
assurance/decision where ET is needed; slightly out of scope, but it 
would be useful to add timings to the ET informal agenda. 

e Action to improve: 

o Ensure that actions from ET meetings are tracked more actively, to 
ensure that issues come back to ET as expected (Action: Corporate 
Governance to establish more consistent tracking of ET actions); 

o Ensure that the ET work programme is considered at an ET 
planning session on a quarterly basis (Action: Paul Arnold) 


Do agendas contain the right areas for discussion? 
Yes: 4; Partially 1 


Do ET meetings have a culture of challenge and debate? 
Yes: 5. 


Are mechanisms in place to make sure ET is informed at the right time, in 


the right detail? 
Yes: 5 


e Comments: have had to have some urgent ad-hoc meetings (mainly 
due to COVID, which is understandable); some issues have come to 
ET quite late; more enforcement/regulatory action should come to ET 
- need more clarity on ET’s role on these. 
e Action to improve: 
o James Dipple-Johnstone has already committed to providing 
updates to ET (at informal meetings) on key cases. No additional 
action needed beyond that at this point. 


Does referral from SLT and Boards work well? 
Yes: 3; partially: 2 
e Comments: need better ways of working place for the Boards; need 
decisions to be brought to ET at the right time - currently too early or 
too late; need more clarity about responsibilities of referral from SLT 
to ET and required content in those. 
e Action to improve: 
o The action mentioned under Position regarding clarity of when an 
ET decision is needed will resolve this. It will be important to 
ensure that the manage potential conflict between ET’s desire to 
be able to focus on the long-term/strategic issues and being 
dragged into operational matters through referrals. 


Does ET consider Engagement triage requests effectively? 

Yes: 3; No: 1; Partially: 1 

e Comments: greater need for proactive opportunities, rather than 
reactive; need to review feedback about whether engagement was 
successful. 

e Action to improve: 
o Review the speaking engagements triage process during summer 

2021 (Action: Corporate Governance) 


Overall conclusions: Scores were lower than for Management Board, 
but still pretty high and consistent. Some of the actions are similar to MB 
(e.g. MI), but some are a bit more difficult, particularly RE clarity on roles 
of SLT/ET (which will come more maturity of those Boards) and 
performance of Directors. 


